.PU
.TH SECURITY FEATURE of CINT 1 

 C/C++ programming language is so flexible that it often causes program or
system to crash. Cint tries to introduce security mode to provide safer way 
of using C/C++ interpreter.  


.SH HOW TO SET SECURITY MODE

 Security mode can be set either by command line option or #pragma statement.

.B -q [level] : command line option
 You can specify security level by '-q' command line option like below.

.nf
	$ cint -qlevel1 source.C
.fi

If you initialize cint by G__init_cint(), you can do the same,

.nf
	G__init_cint("cint -qlevel1");
.fi


Security mode can be overridden by '#pragma security' statement described
below in specific source file.


.B #pragma security [level]
 In source file, '#pragma security [level]' can be used to set security mode.
Security mode set by this is only active in this particular file and files 
included by it. You can control different security levels for each independent
source file.

.nf
	#pragma security level2
.fi

It is not recommended to overuse this feature. Having different security levels
for different source files may not provide safe enough environment.


.SH SECURITY MODE

 There are several levels of security modes. A user can trade off security 
and C/C++ compatibility by choosing appropriate security level. The higher 
the security level the safer the environment at a cost of loosing some 
language capability. 

.B 0 (zero)
 Security 0 is a default setting of cint which does no security and robustness
checking. However, following checks are always activated in cint.

.nf
	* Array index out of range
		int a[10];
		a[-5] = a[10];   // checked

	* Divided by zero
		double a, d = 0; 
		a = 3.14/d;      // checked

	* Invalid arguments for standard library function
		double d=log(-1.0);  // checked
		FILE *fp = NULL;
		fprintf(fp,NULL);    // checked
.fi

.B level0
 Security level0 checks following thing.

.nf
	* Function call stack deeper than 100
		f() {
		   f();  // infinite stack grow checked
		}
.fi

.B level1
 Security level1 does following on top of level0. 
.nf
	* Prohibits Pointer arithmetic
		int *p,i;
		p = &i + 2; // checked

	* Prohibits Cast to pointer and incompatible pointer assignment
		char c;
		int *p = (int*)c; // checked
		p = malloc(sizeof(int)); //  checked, use new

	* Prohibits Goto statement
		label1:
		   goto label;  // checked

	* Activate Garbage collection
		See also garbage(2)
.fi

.B level2
 Security level2 does following on top of level1. 
.nf
	* Prohibits using pointer as an array 
		int *a = &i;
		a[5] = 1234;  // checked
		f(int *a) { 
		   a[10]=123; // checked, sorry
		}             // need to use array class or template
.fi

.B level3
 Security level3 does following on top of level2. 
.nf
	* Prohibits casting
		double d;
		int i;
		i = (int)d;  // checked
.fi


.B level4-6
 Security level4 through 6 are reserved for experimental use.



.SH SEE ALSO
	garbage(2),cint(1),makecint(1)

.SH AUTHOR
Masaharu Goto

Copyright (c) 1995~1999 Masaharu Goto
